Critical Vulnerabilities in Palo Alto Networks PAN-OS
14 May 2026
Palo Alto Networks has released security updates to address critical vulnerabilities in PAN-OS. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Palo Alto Networks has released security updates to address critical vulnerabilities (CVE-2026-0263, CVE-2026-0264, and CVE-2026-0265) affecting PAN-OS, as part of Palo Alto Networks' Patch Wednesday in May 2026.
Impact
Successful exploitation of these vulnerabilities could lead to the following:
CVE-2026-0263: Due to a buffer overflow vulnerability in IKEv2 processing, an unauthenticated attacker could perform arbitrary code execution with elevated privileges or cause a denial of service condition on the affected firewall.
CVE-2026-0264: Due to a heap-based buffer overflow vulnerability in the DNS Proxy and DNS Server features, an unauthenticated attacker could perform arbitrary code execution on PA-Series hardware firewalls, or cause a denial of service condition on VM-Series firewalls.
CVE-2026-0265: Due to an authentication bypass vulnerability, an unauthenticated attacker could bypass authentication controls on the affected firewall or Panorama when Cloud Authentication Service (CAS) is enabled.
Affected Products
These vulnerabilities affect the following Palo Alto Networks PAN-OS versions on PA-Series and VM-Series firewalls:
For CVE-2026-0263:
PAN-OS 11.1: versions prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, and 11.1.15
PAN-OS 11.2: versions prior to 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, and 11.2.12
PAN-OS 12.1: versions prior to 12.1.4-h5 and 12.1.7
For CVE-2026-0264 and CVE-2026-0265:
PAN-OS 10.2: versions prior to 10.2.7-h34, 10.2.10-h36, 10.2.13-h21, 10.2.16-h7, and 10.2.18-h6
PAN-OS 11.1: versions prior to 11.1.4-h33, 11.1.6-h32, 11.1.7-h6, 11.1.10-h25, 11.1.13-h5, and 11.1.15
PAN-OS 11.2: versions prior to 11.2.4-h17, 11.2.7-h13, 11.2.10-h6, and 11.2.12
PAN-OS 12.1: versions prior to 12.1.4-h5 and 12.1.7
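The version lists above can be checked mechanically against a firewall inventory. The following is an added example, not code from this advisory or from Palo Alto Networks; the function names are hypothetical. It assumes that a build on a listed maintenance release is fixed at the listed hotfix or later, that any build at or above the highest listed version of its release train is fixed, that every other build in a listed train is affected, and that trains not listed for a CVE return None.

```python
import re

# Fixed versions copied from the "Affected Products" lists in this advisory.
_FIX_10_2 = ["10.2.7-h34", "10.2.10-h36", "10.2.13-h21", "10.2.16-h7", "10.2.18-h6"]
_FIX_11_1 = ["11.1.4-h33", "11.1.6-h32", "11.1.7-h6", "11.1.10-h25", "11.1.13-h5", "11.1.15"]
_FIX_11_2 = ["11.2.4-h17", "11.2.7-h13", "11.2.10-h6", "11.2.12"]
_FIX_12_1 = ["12.1.4-h5", "12.1.7"]

_COMMON = {"11.1": _FIX_11_1, "11.2": _FIX_11_2, "12.1": _FIX_12_1}
FIXED = {
    "CVE-2026-0263": _COMMON,
    "CVE-2026-0264": {"10.2": _FIX_10_2, **_COMMON},
    "CVE-2026-0265": {"10.2": _FIX_10_2, **_COMMON},
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Return (major, minor, maintenance, hotfix); hotfix is 0 when absent."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version, cve):
    """True or False per the advisory's lists; None if the train is not listed."""
    v = parse(version)
    fixes = FIXED[cve].get(f"{v[0]}.{v[1]}")
    if fixes is None:
        return None
    parsed = [parse(f) for f in fixes]
    # Assumption: at or above the highest listed fix in the train means fixed.
    if v >= max(parsed):
        return False
    # Assumption: same maintenance release as a listed hotfix is fixed
    # at that hotfix number or later; anything else is treated as affected.
    return not any(f[:3] == v[:3] and v[3] >= f[3] for f in parsed)


def affected_cves(version):
    """CVEs from this advisory that the given PAN-OS version is exposed to."""
    return sorted(c for c in FIXED if is_affected(version, c))
```

Strings that are not in the `major.minor.maintenance[-hN]` form raise `ValueError` rather than being silently classified, so unparseable inventory entries surface for manual review.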
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://security.paloaltonetworks.com/
https://nvd.nist.gov/vuln/detail/CVE-2026-0263
